Re: Virus access to System Restore??
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 11 Aug 2006 07:03:42 -0700
If malware is able to install something by leveraging admin context
then it can get to run as system which does have full access to the
system restore point storage.
When this has happened and you are insisting on not formatting
and installing fresh then you should shut off system restores so that
all gets deleted and then turn it back on as a part of your cleanup.
"David Jones" <davejones@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0998E081-32E7-48BB-99CB-7248B4AE7CE7@xxxxxxxxxxxxxxxx
I just spent the day scanning my drives to remove some viruses.
- Yes I was at fault in that I didn't have antivirus sw on my system.. now rectified
- Yes I shouldn't have gone to that site and accepted a downloaded codec install
The av sw found 4 viruses including, as I suspected, a fake virus alert:
The taskbar showed (bottom right of screen) that there was a virus and occasionally popped up a message saying my machine was infected and to click there to install antimalware sw ... I wasn't fooled on that one
(It pointed to something like xxxxquake.com)
My question is this:
=============
The 4 viruses were in the System Volume Information folder as part of System Restore. How come virus software can inject into that folder? Surely it should be trebly protected? I can't even browse into it myself as administrator?
PS The viruses were 3xPuper and 1x Fake-Alert-B, all Trojan
Virus scan sw is McAfee
The annoying thing is that I couldn't do a system restore after the virus
scan and removal.
--
David Jones
RMIT University